Kotrola logu (nejde naistalovat žadný antivirus a pomalé stahovaní) Vyřešeno

[Rawaki]

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému.

Toto otestuj na Virustotal:
C:\WINDOWS\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\WINDOWS\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

V C:\WINDOWS/ nemám SysNative. Co dál?

[Reklama]

[Orcus]

Co jsem pokoumal, měly by to snad být batch soubory pro integrovanou grafiku, tak budeme věřit, že jsou.

Pokračuj dále s OTL.

[Rawaki]

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
File move failed. C:\Windows\SysWOW64\ieframe.dll scheduled to be moved on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\mrraw\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\mrraw\AppData\Roaming\mozilla\Firefox\Profiles\3yyvgag8.default\extensions folder moved successfully.
File C:\Users\mrraw\AppData\Roaming\mozilla\firefox\profiles\3yyvgag8.default\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi not found.
File C:\Users\mrraw\AppData\Roaming\mozilla\firefox\profiles\3yyvgag8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Program Files\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Users\*.tmp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\mrraw\Desktop\cmd.bat deleted successfully.
C:\Users\mrraw\Desktop\cmd.txt deleted successfully.
< netsh int ip reset c:\resetlog.txt /c >
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Pýˇstup byl odepýen.
Resetting , OK!
Restart the computer to complete this action.
C:\Users\mrraw\Desktop\cmd.bat deleted successfully.
C:\Users\mrraw\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Pýipojenˇ k mˇstnˇ sˇti* 3 while it has its media disconnected.
No operation can be performed on Pýipojenˇ k mˇstnˇ sˇti* 4 while it has its media disconnected.
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Pýipojenˇ k mˇstnˇ sˇti* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Pýipojenˇ k mˇstnˇ sˇti* 4:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d1cf:e2e1:5421:3855%4
Default Gateway . . . . . . . . . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1c6a:ad92:9235:ac5d
Link-local IPv6 Address . . . . . : fe80::1c6a:ad92:9235:ac5d%3
Default Gateway . . . . . . . . . : ::
C:\Users\mrraw\Desktop\cmd.bat deleted successfully.
C:\Users\mrraw\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Pýipojenˇ k mˇstnˇ sˇti* 3 while it has its media disconnected.
No operation can be performed on Pýipojenˇ k mˇstnˇ sˇti* 4 while it has its media disconnected.
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Pýipojenˇ k mˇstnˇ sˇti* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Pýipojenˇ k mˇstnˇ sˇti* 4:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d1cf:e2e1:5421:3855%4
IPv4 Address. . . . . . . . . . . : 192.168.0.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Tunnel adapter isatap.{77992DFC-70B0-40F3-86CC-C91F4B6AC1E3}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1c6a:ad92:9235:ac5d
Link-local IPv6 Address . . . . . : fe80::1c6a:ad92:9235:ac5d%3
Default Gateway . . . . . . . . . : ::
C:\Users\mrraw\Desktop\cmd.bat deleted successfully.
C:\Users\mrraw\Desktop\cmd.txt deleted successfully.
< netsh winsock reset all /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\mrraw\Desktop\cmd.bat deleted successfully.
C:\Users\mrraw\Desktop\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Resetting Interface, OK!
Resetting , failed.
Pýˇstup byl odepýen.
Restart the computer to complete this action.
C:\Users\mrraw\Desktop\cmd.bat deleted successfully.
C:\Users\mrraw\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: mrraw
->Temp folder emptied: 12313336 bytes
->Temporary Internet Files folder emptied: 3673620 bytes
->FireFox cache emptied: 370433719 bytes
->Flash cache emptied: 3242 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 83338503 bytes

Total Files Cleaned = 448,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: mrraw
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: mrraw

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12232015_094504

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\ieframe.dll scheduled to be moved on reboot.
C:\Users\mrraw\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[jaro3]

Co problémy?

[Rawaki]

Furt stejný.

[jerabina]

Stáhni si prosím Powelikscleaner (ESET)

a ulož jej na plochu. Poklepáním spusť nástroj. Přečti si podmínky licenční smlouvy s koncovým uživatelem a klepni na tlačítko „Agree“(Souhlasím)
- Nástroj se spustí automaticky. Když cleaner najde infekci Poweliks, stiskni klávesu „Y“ na klávesnici k jejímu odstranění.
- Zobrazí se , že detekovaná hrozba "Win32 / Poweliks byla úspěšně odstraněna ze systému".
("Win32/Poweliks was successfully removed from your system")

Stisknutím libovolné klávesy ukončete nástroj a restartujte počítač.
- Nástroj vytvoří protokol ve stejném adresáři z kterého byl nástroj spuštěn.
- Zprávu zkopíruj a vlož sem.

Stáhni Kaspersky VRT
na svojí plochu.
Spusť program Kaspersky VRT, .Program se nainstaluje.
Potvrď licenci a klikni na „Start“ . Pokud program nabídne aktualizaci , klikni dole na na „Download Now“.
- Klikni na ozubené kolečko v pravém horním rohu. V okně vyber kromě již zatržených, svojí jednotku disku , pokud jich máš víc, můžeš zatrhnout všechny.
- zvol „Automatic Scan“ nahoře vlevo. a stiskni tlačítko „Start Scanning“
- Program začne skenovat zatržené jednotky

Zaškrtnuté :
Hidden startup objects
System Memory
Disk boot sectors
Počítač
Místní disk C

Nezašrkrtnuté:
Dokumenty
My email
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
Disketová jednotka
A jiné , např. Flash disky , které máš připojeny.

- povol programu Virus Removal Tool odstranit všechny nalezené infekce
- jakmile sken skončí ,zvol záložku „Report“ , vpravo nahoře (vedle ozubeného kolečka)
- klikni na „Detected Threads“ a klikni na obrázek diskety („Save“)
- ulož do počítače zprávu a vložit ji sem do příspěvku

Stáhni si Emsisoft Emergency Kit
http://dl.emsisoft.com/EmsisoftEmergencyKit.exe
na svojí plochu. Poklepej na soubor EmsisoftEmergencyKit.exe . Ponech všechna nastavení tak, jak jsou a klikni na tlačítko „Extract“ v dolní části. Složka s názvem EEK bude vytvořena v kořenovém adresáři jednotky (obvykle c: \).

1) Po extrakci poklikej na novou ikonu Emsisoft Emergency Kit na Tvé ploše.
2) Při prvním spuštění Emsisoft Emergency Kit doporučujeme povolit stahování aktualizací. Prosím, klepni na tlačítko „Yes“ (Ano), potom se stáhne nejnovější aktualizace databáze.
3) Po dokončení procesu aktualizace se zobrazí nové tlačítko v levém dolním rohu, s názvem „ Back“. Klikni na toto tlačítko pro návrat na předešlou obrazovku .
4) Klikni na „Scan“ , ukáží se volby skenování. Pokud budeš dotázán, zda chceš, aby se vyhledávaly potenciálně nežádoucí programy, klepni na tlačítko „Yes“(Ano).
5) Klikni na tlačítko „Full Scan“ pro zahájení skenování.
6) Když je skenování dokončeno klikni na tlačítko „Quarantine“ (karanténa vybraných objektů). Poznámka: Tato možnost je k dispozici pouze v případě, že během kontroly byly zjištěny škodlivé objekty.
7) Když budou v karanténě hrozby, klepni na tlačítko „View report“ (Zobrazit zprávy) v pravém dolním rohu, a protokol skenu se otevře v poznámkovém bloku.
Prosím ulož si protokol v poznámkovém bloku na plochu, a vlož sem celý jeho obsah.
9) Když zavřeš Emsisoft Emergency Kit, bude Ti nabídnuta možnost přihlásit se k odběru novinek. Toto je volitelné a není to nezbytné odstraňování malware.

[Rawaki]

[2015.12.23 23:57:39.840] - Begin
[2015.12.23 23:57:39.840] -
[2015.12.23 23:57:39.840] - ....................................
[2015.12.23 23:57:39.840] - ..::::::::::::::::::....................
[2015.12.23 23:57:39.840] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Poweliks
[2015.12.23 23:57:39.840] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.0.0.5
[2015.12.23 23:57:39.840] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Jun 30 2015
[2015.12.23 23:57:39.840] - .::EE:::::::::::::SS:.EE..........TT......
[2015.12.23 23:57:39.840] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
[2015.12.23 23:57:39.840] - ..::::::::::::::::::.................... 1992-2015. All rights reserved.
[2015.12.23 23:57:39.840] - ....................................
[2015.12.23 23:57:39.840] -
[2015.12.23 23:57:39.840] - --------------------------------------------------------------------------------
[2015.12.23 23:57:39.840] -
[2015.12.23 23:57:39.840] - INFO: OS: 6.2.9200 SP0
[2015.12.23 23:57:39.840] - INFO: Product Type: Workstation
[2015.12.23 23:57:39.840] - INFO: WoW64: True
[2015.12.23 23:57:39.840] - INFO: Machine guid: 359386EA-DEF6-4EC3-8765-501A1397964F
[2015.12.23 23:57:39.840] -
[2015.12.23 23:57:39.855] - INFO: Scanning for system infection...
[2015.12.23 23:57:39.855] - --------------------------------------------------------------------------------
[2015.12.23 23:57:39.855] -
[2015.12.23 23:57:39.855] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2015.12.23 23:57:39.855] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2015.12.23 23:57:39.855] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2015.12.23 23:57:39.855] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2015.12.23 23:57:39.855] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2015.12.23 23:57:39.855] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2015.12.23 23:57:39.855] - INFO: Processing classes...
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
[2015.12.23 23:57:39.855] - INFO: Processing clsid [\Registry\User\S-1-5-21-1142921332-4221375218-3014771797-1001\SOFTWARE\Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
[2015.12.23 23:57:39.855] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.12.23 23:57:39.855] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2015.12.23 23:57:39.855] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.12.23 23:57:39.855] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.12.23 23:57:39.855] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2015.12.23 23:57:39.855] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2015.12.23 23:57:39.855] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.12.23 23:57:39.855] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.12.23 23:57:39.855] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.12.23 23:57:39.855] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2015.12.23 23:57:39.855] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2015.12.23 23:57:39.855] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2015.12.23 23:57:39.855] - INFO: (XSW) Scanning for XSW variant...
[2015.12.23 23:57:39.855] - INFO: (XSW) Processing users subkeys...
[2015.12.23 23:57:39.855] - INFO: Win32/Poweliks not found

[jaro3]

A to další?

[Rawaki]

A to další?

První spuštení Kaspersky proběhlo chybou asi po hodině co se to skenovalo, ted to zkouším znovu. (sken mi trvá přibližně 3hodiny)

[Rawaki]

Kaspersky dopadl zas neuspěchem, žádnou hrozbu jsem ale nepoznamenal. Nevím čím to je prostě se program v určité fázi restartuje a nedokončí práci.
Přikládám log z chyby programu.
http://postimg.org/image/hj94zzflb/

Emisfot emergency kit - nic nenalezl.

[jaro3]

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV - (aswVmm) -- C:\Users\mrraw\AppData\Local\Temp\aswVmm.sys ()
DRV - (aswMBR) -- C:\Users\mrraw\AppData\Local\Temp\aswMBR.sys ()

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp
C:\Users\mrraw\AppData\Local\AvgSetupLog
C:\Users\mrraw\AppData\Local\Avg
C:\Users\mrraw\AppData\Local\SCE\PackageAware
C:\ProgramData\AVAST Software
C:\WINDOWS\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

Stáhni si Security Check by screen317 z některého odkazu
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

ulož si ho na plochu, poklepej na něj a postupuj podle instrukcí v černém okně. Potom se automaticky otevře pozn. Blok, bude mít název checkup.txt. Jeho obsah sem prosím zkopíruj.


Jdou instalovat jiné programy?

[Rawaki]

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Error: No service named aswVmm was found to stop!
Service\Driver key aswVmm not found.
File C:\Users\mrraw\AppData\Local\Temp\aswVmm.sys not found.
Error: No service named aswMBR was found to stop!
Service\Driver key aswMBR not found.
File C:\Users\mrraw\AppData\Local\Temp\aswMBR.sys not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Program Files\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
C:\Windows\SysNative\drivers\SETE9D9.tmp moved successfully.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
C:\Users\mrraw\AppData\Local\AvgSetupLog folder moved successfully.
C:\Users\mrraw\AppData\Local\Avg\log\setup1 folder moved successfully.
C:\Users\mrraw\AppData\Local\Avg\log folder moved successfully.
C:\Users\mrraw\AppData\Local\Avg folder moved successfully.
File\Folder C:\Users\mrraw\AppData\Local\SCE\PackageAware not found.
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs folder moved successfully.
C:\ProgramData\AVAST Software\Persistent Data\Avast folder moved successfully.
C:\ProgramData\AVAST Software\Persistent Data folder moved successfully.
C:\ProgramData\AVAST Software\Avast\log folder moved successfully.
C:\ProgramData\AVAST Software\Avast folder moved successfully.
C:\ProgramData\AVAST Software folder moved successfully.
C:\WINDOWS\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: mrraw
->Temp folder emptied: 1491933729 bytes
->Temporary Internet Files folder emptied: 3114433 bytes
->FireFox cache emptied: 374481683 bytes
->Flash cache emptied: 1452 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26690 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 283740135 bytes

Total Files Cleaned = 2 054,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12242015_181704

Files\Folders moved on Reboot...
C:\Users\mrraw\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...